Dyre Wolf malware, a dynamic campaign has been discovered by researchers, which already has raked in more than $1 million. This latest campaign utilizes a combo of social engineering and malware.

The campaign has been dubbed as the Dyre Wolf campaign by IBM Security Researchers. According to them, this campaign targets businesses and firms that primarily perform wire transfers to pass huge sums of money. Even if the transactions are protected with the two-factor authentication, the malware can bypass it.

The campaign initiates with large number of emails to trick people into downloading and installing Dyre. It is one of the numerous malware that were discovered in 2014.

dyre-wolf-malware-bypasses-2-factor-authentication-security-steals-1million
Image Source: Deviantart.net

IBM researchers observed that the Dyre versions remain undetected by almost all the anti-virus software currently available.

When Dyre is installed on a PC, it gets infected and sends out massive number of emails to other users that are listed in the address book of the victim and after this the malware waits. The rest of the process is comprehensively explained by John Kuhn and Lance Mueller, the IBM Security Intelligence researchers, in their blog post on Thursday:

Once the infected victim tries to log in to one of the hundreds of bank websites for which Dyre is programmed to monitor, a new screen will appear instead of the corporate banking site. The page will explain the site is experiencing issues and that the victim should call the number provided to get help logging in.

dyre-wolf-malware-bypasses-2-factor-authentication-security-steals-1million-2
Image Source: IBM

One of the many interesting things with this campaign is that the attackers are bold enough to use the same phone number for each website and know when victims will call and which bank to answer as. This all results in successfully duping their victims into providing their organizations’ banking credentials.

As soon as the victim hangs up the phone, the wire transfer is complete. The money starts its journey and bounces from foreign bank to foreign bank to circumvent detection by the bank and law enforcement. One organization targeted with the campaign also experienced a DDoS. IBM assumes this was to distract it from finding the wire transfer until it was too late.

Dyre Wolf campaign’s success highlights the fact that improved training is essential for employees so that they are able to spot malicious emails and suspicious tricks such as the aforementioned one.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.